diff -uNr linux-2.6.15-openvz-025.014.orig/include/linux/nfcalls.h linux-2.6.15-openvz-025.014/include/linux/nfcalls.h
--- linux-2.6.15-openvz-025.014.orig/include/linux/nfcalls.h 2006-03-03 14:36:32.560909760 +0900
+++ linux-2.6.15-openvz-025.014/include/linux/nfcalls.h 2006-03-03 14:37:38.401900408 +0900
@@ -143,6 +143,7 @@
 DECL_KSYM_MODULE(iptable_nat);
 DECL_KSYM_MODULE(ip_nat_ftp);
 DECL_KSYM_MODULE(ip_nat_irc);
+DECL_KSYM_MODULE(ipt_REDIRECT);
 struct sk_buff;
diff -uNr linux-2.6.15-openvz-025.014.orig/include/linux/ve_proto.h linux-2.6.15-openvz-025.014/include/linux/ve_proto.h
--- linux-2.6.15-openvz-025.014.orig/include/linux/ve_proto.h 2006-03-03 14:36:32.560909760 +0900
+++ linux-2.6.15-openvz-025.014/include/linux/ve_proto.h 2006-03-03 14:38:42.914093064 +0900
@@ -55,6 +55,7 @@
 extern int init_iptable_multiport(void);
 extern int init_iptable_tos(void);
 extern int init_iptable_REJECT(void);
+extern int init_iptable_REDIRECT(void);
 extern void fini_netfilter(void);
 extern int fini_iptables(void);
 extern int fini_iptable_filter(void);
@@ -62,6 +63,7 @@
 extern int fini_iptable_multiport(void);
 extern int fini_iptable_tos(void);
 extern int fini_iptable_REJECT(void);
+extern int fini_iptable_REDIRECT(void);
 #endif
 #define VE_HOOK_INIT 0
diff -uNr linux-2.6.15-openvz-025.014.orig/include/linux/vzcalluser.h linux-2.6.15-openvz-025.014/include/linux/vzcalluser.h
--- linux-2.6.15-openvz-025.014.orig/include/linux/vzcalluser.h 2006-03-03 14:36:32.561909608 +0900
+++ linux-2.6.15-openvz-025.014/include/linux/vzcalluser.h 2006-03-03 14:39:39.544483936 +0900
@@ -80,6 +80,7 @@
 #define VE_IP_NAT_MOD (1U<<20)
 #define VE_IP_NAT_FTP_MOD (1U<<21)
 #define VE_IP_NAT_IRC_MOD (1U<<22)
+#define VE_IP_TARGET_REDIRECT_MOD (1U<<23)
 /* these masks represent modules with their dependences */
 #define VE_IP_IPTABLES (VE_IP_IPTABLES_MOD)
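Review bot: The new declaration `extern int fini_iptable_REDIRECT(void);` in the second ve_proto.h hunk does not match the function it declares: ipt_REDIRECT.c defines `void fini_iptable_REDIRECT(void)` and kernel/ve.c registers it with `INIT_KSYM_CALL(void, fini_iptable_REDIRECT, (void))`. Any translation unit that sees both the header and the definition fails on conflicting types, and a caller trusting the header would read a return value that is never set. Declare it as `extern void fini_iptable_REDIRECT(void);`. The neighbouring `extern int fini_iptables(void);` shows the same mismatch against ve.c, so the pattern looks copied rather than intended.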
@@ -125,6 +126,8 @@
 | VE_IP_NAT | VE_IP_CONNTRACK_FTP)
 #define VE_IP_NAT_IRC (VE_IP_NAT_IRC_MOD \
 | VE_IP_NAT | VE_IP_CONNTRACK_IRC)
+#define VE_IP_TARGET_REDIRECT (VE_IP_TARGET_REDIRECT_MOD \
+ | VE_IP_NAT)
 /* safe iptables mask to be used by default */
 #define VE_IP_DEFAULT \
diff -uNr linux-2.6.15-openvz-025.014.orig/kernel/ve.c linux-2.6.15-openvz-025.014/kernel/ve.c
--- linux-2.6.15-openvz-025.014.orig/kernel/ve.c 2006-03-03 14:36:33.253804424 +0900
+++ linux-2.6.15-openvz-025.014/kernel/ve.c 2006-03-03 14:41:02.759833280 +0900
@@ -75,6 +75,7 @@
 INIT_KSYM_MODULE(iptable_nat);
 INIT_KSYM_MODULE(ip_nat_ftp);
 INIT_KSYM_MODULE(ip_nat_irc);
+INIT_KSYM_MODULE(ipt_REDIRECT);
 INIT_KSYM_CALL(int, init_netfilter, (void));
 INIT_KSYM_CALL(int, init_iptables, (void));
@@ -100,6 +101,7 @@
 INIT_KSYM_CALL(int, init_iptable_nat, (void));
 INIT_KSYM_CALL(int, init_iptable_nat_ftp, (void));
 INIT_KSYM_CALL(int, init_iptable_nat_irc, (void));
+INIT_KSYM_CALL(int, init_iptable_REDIRECT, (void));
 INIT_KSYM_CALL(void, fini_iptable_nat_irc, (void));
 INIT_KSYM_CALL(void, fini_iptable_nat_ftp, (void));
 INIT_KSYM_CALL(void, fini_iptable_nat, (void));
@@ -124,6 +126,7 @@
 INIT_KSYM_CALL(void, fini_iptable_mangle, (void));
 INIT_KSYM_CALL(void, fini_iptables, (void));
 INIT_KSYM_CALL(void, fini_netfilter, (void));
+INIT_KSYM_CALL(void, fini_iptable_REDIRECT, (void));
 INIT_KSYM_CALL(void, ipt_flush_table, (struct ipt_table *table));
 #endif
diff -uNr linux-2.6.15-openvz-025.014.orig/kernel/vecalls.c linux-2.6.15-openvz-025.014/kernel/vecalls.c
--- linux-2.6.15-openvz-025.014.orig/kernel/vecalls.c 2006-03-03 14:36:33.253804424 +0900
+++ linux-2.6.15-openvz-025.014/kernel/vecalls.c 2006-03-03 14:42:35.671708528 +0900
@@ -1592,6 +1592,13 @@
 if (err < 0)
 goto err_iptable_length;
 #endif
+#if defined(CONFIG_IP_NF_TARGET_REDIRECT) || \
+ defined(CONFIG_IP_NF_TARGET_REDIRECT_MODULE)
+ err = KSYMIPTINIT(init_mask, ve, VE_IP_TARGET_REDIRECT,
+ ipt_REDIRECT, init_iptable_REDIRECT, ());
+ if (err < 0)
+ goto err_iptable_REDIRECT;
+#endif
 return 0;
 /* ------------------------------------------------------------------------- */
@@ -1732,6 +1739,12 @@
 ip_tables, fini_iptables, ());
 err_iptables:
 #endif
+#if defined(CONFIG_IP_NF_TARGET_REDIRECT) || \
+ defined(CONFIG_IP_NF_TARGET_REDIRECT_MODULE)
+ KSYMIPTFINI(ve->_iptables_modules, VE_IP_TARGET_REDIRECT,
+ ipt_REDIRECT, fini_iptable_REDIRECT, ());
+err_iptable_REDIRECT:
+#endif
 ve->_iptables_modules = 0;
 return err;
diff -uNr linux-2.6.15-openvz-025.014.orig/net/ipv4/netfilter/ipt_REDIRECT.c linux-2.6.15-openvz-025.014/net/ipv4/netfilter/ipt_REDIRECT.c
--- linux-2.6.15-openvz-025.014.orig/net/ipv4/netfilter/ipt_REDIRECT.c 2006-03-03 14:36:33.952698176 +0900
+++ linux-2.6.15-openvz-025.014/net/ipv4/netfilter/ipt_REDIRECT.c 2006-03-03 14:47:44.502759072 +0900
@@ -17,6 +17,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -25,7 +26,7 @@
 MODULE_DESCRIPTION("iptables REDIRECT target module");
 #if 0
-#define DEBUGP printk
+#define DEBUGP ve_printk
 #else
 #define DEBUGP(format, args...)
 #endif
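Review bot: In kernel/vecalls.c the label `err_iptable_REDIRECT:` is placed at the very end of the unwind chain, after `err_iptables:`, although the REDIRECT init added in the first vecalls.c hunk runs last, just before `return 0;`. A failed `init_iptable_REDIRECT` therefore jumps past every earlier `KSYMIPTFINI` call and only reaches `ve->_iptables_modules = 0; return err;`, which presumably leaves the already initialised per-VE netfilter modules registered while the mask says none are. On the full cleanup path the REDIRECT target is also unregistered after `fini_iptables`, even though `VE_IP_TARGET_REDIRECT` is declared to depend on `VE_IP_NAT`. Move the `KSYMIPTFINI(..., fini_iptable_REDIRECT, ())` block and its label to the head of the cleanup chain so that teardown is the exact reverse of init. The function begins and ends outside both hunks, so the head of the chain is not visible here.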
@@ -119,14 +120,36 @@
 .me = THIS_MODULE,
 };
+int init_iptable_REDIRECT(void)
+{
+ return virt_ipt_register_target(&redirect_reg);
+}
+
+void fini_iptable_REDIRECT(void)
+{
+ virt_ipt_unregister_target(&redirect_reg);
+}
+
 static int __init init(void)
 {
- return ipt_register_target(&redirect_reg);
+ int err;
+
+ err = init_iptable_REDIRECT();
+ if (err < 0)
+ return err;
+
+ KSYMRESOLVE(init_iptable_REDIRECT);
+ KSYMRESOLVE(fini_iptable_REDIRECT);
+ KSYMMODRESOLVE(ipt_REDIRECT);
+ return 0;
 }
 static void __exit fini(void)
 {
- ipt_unregister_target(&redirect_reg);
+ KSYMMODUNRESOLVE(ipt_REDIRECT);
+ KSYMUNRESOLVE(init_iptable_REDIRECT);
+ KSYMUNRESOLVE(fini_iptable_REDIRECT);
+ fini_iptable_REDIRECT();
 }
 module_init(init);
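Review bot: `init_iptable_REDIRECT` and `fini_iptable_REDIRECT` are new non-static entry points with no comment saying who calls them or in which context. Going by the vecalls.c hunks they are reached per VE through `KSYMIPTINIT`/`KSYMIPTFINI`, and here they are also called from `init()` and `fini()` at module load and unload. A short comment above the pair would make that contract explicit, for example `/* Per-VE hooks: reached through KSYMIPTINIT/KSYMIPTFINI in kernel/vecalls.c, and from init()/fini() at module load/unload. */`.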